Exploits
An exploit is the use of glitches and software vulnerabilities in Roblox by a player to alter the game or earn lots of money/points for an unfair advantage. Exploits have been defined as a form of cheating; however, the precise meaning of what is or is not considered an exploit can be debated. Many users believe that the correct term for programs that change Roblox for a player's advantage is “exploiting”, and others believe “hacking” is the correct term. However, hacking is the act of gaining unauthorized access to a system while exploiting is abusing a vulnerability to do the same. Exploiting is a bannable offense and a player will be banned if caught exploiting (account deletion, poison or even IP ban, less likely a warning). FilteringEnabled has lead to the downfall of many exploits. Types of exploits .BIN injecting .BIN injecting is a type of exploit which is not prevented by FilteringEnabled and very hard to patch. When the launcher is activated with the client running, the launcher will automatically insert the .BIN file into the Roblox client, sometimes with a message box. Once done inserting, users will be able to use the given tab to either mess up the workspace or insert a script. Lua bytecode When Lua runs programs, the Lua virtual machine compiles code to Lua bytecode before it is interpreted. This process is irreversible without artefacts (via decompilation) and thus was frequently used for Code Obfuscation. Lua bytecode does not have the same structure as Lua and allows, by unconventional means, manipulation of the stack and other things that are not possible in normal Lua programming. It is possible, though difficult, to write Lua assembly code manually and to assemble it into Lua bytecode. The Roblox process can load Lua code and Lua bytecode through use of the loadstring function. It has been proposed on the Lua mailing list that direct stack manipulation could be used to access the environment of other functions during their execution and, therefore, to steal values from these functions (including C functions that Lua has access to), something which is not possible in pure Lua. The Roblox user NecroBumpist proved the idea to be true and possible.1 Using Lua bytecode, he created a function that allowed a script to steal values from other functions, including C functions. This made it possible to steal values from Roblox's API's, but months passed until someone found a way to use this bug to modify the global environment and to become capable to make the core scripts and the join script execute any Lua code in a game server. This resulted in the removal of bytecode from Roblox and the ability to use it with the loading function.2 Despite common belief, this exploit was unrelated to a Direct Dynamic Library (DLL) exploit in the same time period. The removal of bytecode had no other side effect than rendering code obfuscation impossible without other means. Proto Conversion After the removal of the Lua compiler from the client, Roblox made heavy changes to the Lua VM. Roblox-compatible bytecode after the change contained heavy use of encryption and obfuscation and required special signing from the server, which is where all client scripts were compiled. Generating this new bytecode from scratch would prove near impossible for would-be exploiters. In the summer of 2015, a user named Chirality on an underground Roblox exploit development/marketplace forum called "V3rmillion"3 came up with an idea: By using the regular vanilla Lua compiler to generate a Lua function prototype, then modifying it to be compatible with Roblox's VM, he could achieve script execution. This process was made easier through use of C++'s very flexible data types, where after reversing the right structs, accessing all the data from a Roblox function prototype was trivial. After solving the encryption, Chirality achieved script execution, and dubbed his method "proto conversion." He then created an exploit called Seven, which was the first of many exploits to use the new method. Some of the most prevalent and infamous exploits in history, such as Elysian, Intriga, Protosmasher, Synapse, Cerberus, and EX-7, have used this method to execute scripts. Lua Wrapping A new method to obtain script execution was also in the works after the heavy VM changes that Roblox implemented. This method - dubbed "Lua wrapping" or just "wrapping", became the second most popular method to obtain script execution. This method worked by generating a fake Roblox environment in a normal Lua instance and emulating the regular Roblox environment in C functions implemented by the exploit. This made Roblox's attempts to patch these exploits extremely hard, allowing them to survive major security updates without any features lost. Early attempts to implement this method of script execution were the highly popular 'Alx' and 'Nyx' exploits - made by the two major exploit developers of the time, Austin, and Chirality, respectively. Both of these exploits were later rewritten to use Proto Conversion instead. Around 2 years later, a new class of wrapper exploits was born with the release of the 'RaindropV2' (later renamed to 'Synapse') exploit by developer 3dsboy08. Around a month later, another exploit named 'Seraph' also implemented the same method of obtaining script execution. Both of these exploits largely used the same methods described at the top of this section. DLL Injection Most current exploits are DLL files that are injected into Roblox using a DLL injector. Once injected, the exploit is able to function correctly. Injecting a DLL into a process is not all that is required, as Roblox has introduced many safeguards to prevent memory from being manipulated easily. Lag Switching Lag switching is an exploit that has not been patched since a demonstration in 2015. Loading up a lagswitch will allow you to use the hotkeys available. If the user triggers the activation, their computer will stop sending signals to the modem in this case the user is already using Roblox and can roam around freely, the user must reconnect their computer to the internet in 9 seconds or Roblox will shut down. If the user deactivates the lag switch, their client returns to normal. People complain about this exploit as users can "teleport" to almost anywhere in the game. Criticism Many players have criticized exploiters, as they can ruin the game by deleting parts, inserting random models, kicking players out of the game etc. Some players also take it to the extent that they call exploiters noobs. Even in fighting games, users who spot exploiters say they have no skill or talent. Some exploiters have inserted inappropriate models, decals, and sounds and used scripts to do inappropriate things to avatars in game. The most severe case of this and exploits in general was on the 4th of July when two exploiters were doing strongly inappropriate actions to a 7-year-old girl's avatar. This incident was featured heavily on several news websites, leading to Roblox permanently banning the exploiters and applying restrictions to Experimental Mode games (see Criticism of Roblox#Experimental Mode Game Restrictions for more info).